Vuln: NTP CVE-2017-6464 Denial of Service Vulnerability

Bugtraq ID: 97050
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-6464

Remote: Yes
Local: No
Published: Mar 21 2017 12:00AM
Credit: Cure53
Vulnerable: Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Redhat Enterprise Linux 5
NTP NTPd 4.3
NTP NTPd 4.2.1
NTP NTPd 4.2
NTP NTPd 4.1
NTP NTPd 4.0
NTP NTP 4.3.90
NTP NTP 4.3.25
NTP NTP 4.3
NTP NTP 4.2.8
NTP NTP 4.2.6
NTP NTP 4.2.5 p74
NTP NTP 4.2.5 p153
NTP NTP 4.2.5 p150
NTP NTP 4.2.4 p8
NTP NTP 4.2.4 p7
NTP NTP 4.2.4 p6
NTP NTP 4.2.4 p5
NTP NTP 4.2.4 p4
NTP NTP 4.2.2 p4
NTP NTP 4.2.2 p1
NTP NTP 4.3.93
NTP NTP 4.3.92
NTP NTP 4.3.77
NTP NTP 4.3.70
NTP NTP 4.2.8p9
NTP NTP 4.2.8p8
NTP NTP 4.2.8p7
NTP NTP 4.2.8p6
NTP NTP 4.2.8p5
NTP NTP 4.2.8p4
NTP NTP 4.2.8p3
NTP NTP 4.2.8p2
NTP NTP 4.2.8p1
NTP NTP 4.2.7p385
NTP NTP 4.2.7p366
NTP NTP 4.2.7p22
NTP NTP 4.2.7p111
NTP NTP 4.2.7p11
NTP NTP 4.2.5p3
NTP NTP 4.2.5p203
NTP NTP 4.2.5p186

Not Vulnerable: NTP NTP 4.3.94
NTP NTP 4.2.8p10

Discussion

NTP CVE-2017-6464 Denial of Service Vulnerability

NTP is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.

Exploit

NTP CVE-2017-6464 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

NTP CVE-2017-6464 Denial of Service Vulnerability

References:

• NTP Homepage (ntp.org)
  
• NTP-01-016 NTP: Denial of Service via Malformed Config (Medium) (NTP)
  
• ntp: Denial of Service via Malformed Config (Red Hat)
  

Source: www.securityfocus.com